Security Alert

Jan. 8, 2019 – Phishing Alert

Tuesday, Jan. 8, 2019, many UA students, faculty and staff received a phishing email from a compromised crimson email account. The email posed as the IT Service Desk; however, it did not originate from OIT. It is an email scam.

This email is a phishing attempt designed to steal credentials such as a myBama username or password.  If you haven’t already, please delete the email. Additionally, if you are not a DUO user, please activate your DUO account at duo.ua.edu.

If you did receive this email, and you did provide any sensitive information, please contact the IT Service Desk at 205-348-5555 or itsd@ua.edu.

Gift Card Phishing Scams

Over the past few months, OIT has seen a major rise in phishing attempts where malicious actors attempt to obtain money from UA employees. The emails appear to come from a supervisor or another organization leader, and the emails are directed to an employee in that organization or group. This scam has been occurring at UA for several months, beginning with senior leadership.

The malicious actor begins by engaging employees in an email-only conversation that attempts to convince the employee to purchase gift cards. If you look closely, the “From:” email address is not actually a ua.edu email address, but an alternative email address the actor set up outside of UA. The email address may appear to come from a UA contact, but it is usually a Gmail, AOL or other external email address that includes the name of the supervisor or leader. Often, the emails have poor spelling and grammar. Additionally, the emails are usually brief and may consist only of a subject line. Below are a few examples of these emails.


Subject: Hi [NAME OF TARGET]

Good morning,

 Are you in the office? If not please i have an important errand i want you to run for me in the store right now? 

Thanks

Best Regards.

[NAME OF THE SUPERVISOR OR LEADERSHIP]

Executive Director


Subject: Hello Are you in compus


Subject: Hello

Are you available on campus 


Do not be fooled by these phishing emails. Remember to always look at the “From:” address to make sure it is an actual supervisor or leader’s ua.edu email address. If you do receive an email like this, please send a copy to security@ua.edu, and then delete the email. 
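The “From:” check described above can also be automated at the mail gateway or in a mailbox audit. The following is an added example, not OIT tooling: it flags messages whose display name or address contains a leader's name while the sending domain is outside ua.edu. The directory entry, names and sample addresses are constructed placeholders.

```python
from email import message_from_string
from email.utils import parseaddr

TRUSTED_DOMAIN = "ua.edu"
# Constructed directory of supervisors/leaders (placeholder name and address).
LEADERS = {"pat example": "pexample@ua.edu"}

def _tokens(text):
    """Lower-case alphanumeric words in a display name."""
    cleaned = "".join(c if c.isalnum() else " " for c in text.lower())
    return set(cleaned.split())

def check_from(raw_message):
    """Return (kind, leader_name) findings for the From: header of one message."""
    msg = message_from_string(raw_message)
    display, addr = parseaddr(msg.get("From", ""))
    local, _, domain = addr.lower().rpartition("@")
    internal = domain == TRUSTED_DOMAIN or domain.endswith("." + TRUSTED_DOMAIN)
    if internal:
        # A ua.edu sender can still be a compromised account; this check only
        # covers the external look-alike pattern described in the alert.
        return []
    findings = []
    for name in LEADERS:
        parts = name.split()
        if _tokens(display) >= set(parts):
            # Display name matches a leader, but the address is external.
            findings.append(("display-name", name))
        elif all(p in local for p in parts):
            # External address whose local part embeds the leader's name.
            findings.append(("address-name", name))
    return findings

# Constructed sample messages modelled on the alert's examples.
SPOOFED = ("From: Pat Example <pat.example.director@mail.example>\n"
           "Subject: Hello\n\nAre you available on campus\n")
GENUINE = ("From: Pat Example <pexample@ua.edu>\n"
           "Subject: Staff meeting\n\nAgenda attached.\n")
UNRELATED = ("From: Sam Other <sam@mail.example>\n"
             "Subject: Newsletter\n\nHello.\n")
NAME_IN_ADDRESS = ("From: patexample.office@mail.example\n"
                   "Subject: Hi\n\nAre you in the office?\n")

if __name__ == "__main__":
    for label, raw in [("spoofed", SPOOFED), ("genuine", GENUINE),
                       ("unrelated", UNRELATED), ("name-in-address", NAME_IN_ADDRESS)]:
        print(label, check_from(raw))
```

A finding is a reason to verify the sender by phone or to forward the message to security@ua.edu, as advised above; it is not proof of fraud on its own.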

Dec. 19, 2018 – Phishing Attempts

Wednesday, Dec. 19, 2018, many UA employees received phishing emails.

The emails were from gclaveria@wsd1.org and mnorris2@fortiscollege.edu. These emails are phishing attempts designed to steal credentials such as a myBama username or password.  If you haven’t already, please delete the emails. Additionally, if you are not a DUO user, please activate your DUO account at duo.ua.edu.

If you did receive this email, and you did provide any sensitive information, please contact the IT Service Desk at 205-348-5555 or itsd@ua.edu.

Dec. 13, 2018 – Phishing Attempt

Thursday, Dec. 13, 2018, many UA employees received a phishing email with the subject title “IT Advisory: Account Upgrade” from the email address hdeguzman@wsd1.org.

This email is a phishing attempt designed to steal credentials such as a myBama username or password.  If you haven’t already, please delete the email. Additionally, if you are not a DUO user, please activate your DUO account at duo.ua.edu.

If you did receive this email, and you did provide any sensitive information, please contact the IT Service Desk at 205-348-5555 or itsd@ua.edu.

Phishing Emails from Campus Execs

Many UA employees have received phishing emails with unusual messages that appear to be from the email accounts of UA executives or vice presidents; however, they are actually phishing emails from malicious actors. The emails attempt to engage the recipient into an email-only discussion, and some emails include requests to purchase gift cards.

If you have received an email like this, please delete the email. Additionally, if you are not a DUO user, please activate your DUO account at duo.ua.edu. Remember the red flags of phishing, and always check the “from” email address on suspicious messages. All official UA email should originate from a @ua.edu email address.

If you did receive this email and you have questions, please contact the IT Service Desk at 205-348-5555 or itsd@ua.edu.

Nov. 26, 2018 – Phishing Alert

Monday, Nov. 26, 2018, OIT received reports of many UA employees receiving phishing messages with the subject title “You have been sent a file using Dropbox”.

If you have received an email like this, please delete the email. Additionally, if you are not a DUO user, please activate your DUO account at duo.ua.edu. Remember the red flags of phishing, and always check the “from” email address on suspicious messages.

If you did receive this email and you have questions, please contact the IT Service Desk at 205-348-5555 or itsd@ua.edu.

Nov. 20, 2018 – Phishing Alert

Tuesday, Nov. 20, 2018, many UA students received emails with the subject message “UA PAID JOB OFFER.”

If you have received an email like this, please delete the email. Additionally, if you are not a DUO user, please activate your DUO account at duo.ua.edu. Remember the red flags of phishing, and always check the “from” email address on suspicious messages.

If you did receive this email and you have questions, please contact the IT Service Desk at 205-348-5555 or itsd@ua.edu.

Oct. 12, 2018 – Student Phishing Alert

Friday, Oct. 12, 2018, many UA students received a phishing email from the email address “fhamedwomanlon@gmail.com” with the subject title “Student Internship Opportunity”.

This email is a phishing attempt designed to steal credentials such as a myBama username or password.  If you haven’t already, please delete the email. Additionally, if you are not a DUO user, please activate your DUO account at duo.ua.edu.

If you did receive this email, and you did provide any sensitive information, please contact the IT Service Desk at 205-348-5555 or itsd@ua.edu.

Cybersecurity Awareness Month Tip: Free Credit Freeze

October is Cybersecurity Awareness Month. Keep your information secure with tips from OIT.

Effective this year, individuals can now place a freeze on their credit at no cost. Your first question may be, “What is a credit freeze?” It’s easier than it sounds, and it is the best way to prevent malicious actors from using your personal information to open new accounts in your name.

When an individual freezes their credit, a credit bureau cannot provide any information about the individual to a lender until the individual elects to thaw the freeze.  Prior to federal legislation approved in September, individuals were required to pay a $10 fee each time the credit was frozen or thawed. Now, individuals can freeze and thaw their credit with no fee.

Individuals can freeze their credit with Equifax, TransUnion and Experian for free. OIT recommends placing a freeze at all three bureaus. Visit their websites directly to establish the freeze.

When a freeze is established with each bureau, the bureau will provide a PIN or secure identification code to secure the account. Individuals can then provide that PIN to the bureau when ready to thaw the credit. An individual may need to thaw the credit when making a large purchase or requesting a loan. When making a purchase that requires a credit check, simply ask the lender which credit bureau they use, and you can thaw the freeze with that bureau only. Remember to re-freeze your credit after the purchase is made.

To learn more about credit freezes, please visit the Federal Trade Commission website.

October is National Cybersecurity Awareness Month. OIT will be posting cyber safety tips throughout the month. For more information about Cybersecurity Awareness Month, visit the National Cyber Security Alliance’s website https://staysafeonline.org.

 

5 Cyber Tips to Follow at Home and at Work

October is Cybersecurity Awareness Month. Keep your information secure at home and at work with the following tips from OIT.

Create Strong Passwords

OIT recommends that all passwords be 12 or more characters, with a mixture of uppercase, lowercase, numbers and special characters. We understand it can be tricky to generate and remember complex passwords. Later this semester, OIT will be providing the LastPass password management tool for free to all students, faculty and staff. With LastPass, all passwords will be stored in a secure and encrypted environment. Moving forward, the only password you’ll have to remember is your password to LastPass. Stay tuned for more information.

Use 2FA

Most UA students, faculty and staff are familiar with DUO two-factor authentication, but did you know that other websites offer their own version of two-factor? Google, iCloud, Amazon, Facebook and even Snapchat offer two-factor verification to protect the sensitive data in these accounts. Activate two-factor for your personal accounts today.

Credit Freeze

A credit freeze is the best way to prevent malicious actors from using your personal information to open new accounts in your name. When an individual freezes their credit, the credit bureaus cannot provide any information about the individual to lenders until the individual elects to thaw the freeze.  Individuals can freeze their credit with Equifax, TransUnion and Experian for free. OIT recommends placing a freeze at all three bureaus. Visit their websites directly to establish the freeze.

Do not share sensitive data

Hackers do their homework. When malicious actors send spear phishing attacks, they often design emails to appear to come from individuals within your contact list. If you get a suspicious email from a colleague, OIT recommends that you call that individual to verify the email. Do not respond to the email to verify its sender, and do not send any sensitive information via email.

Backup

Finally, back up your data! This applies at home and at work; accidents can happen anywhere. Keep your files safe and encrypted in a cloud storage account like UA Box. This applies to sensitive work material and your grandmother’s coconut cake recipe. Anything you want to keep safe should be stored in a secure cloud storage account. If you prefer to store files on an external hard drive or flash drive, plug the device into your computer, back up your files, and then unplug it and store it in a safe location.

October is National Cybersecurity Awareness Month. OIT will be posting cyber safety tips throughout the month. For more information about Cybersecurity Awareness Month, visit the National Cyber Security Alliance’s website https://staysafeonline.org.